Login

03-13-2009, 03:41 PM

[eluser]Wil Wazka[/eluser]
To be honest and fair, this is a very needed library, always requested as part of the 'database' core drivers.
However in the other hand, it is worth to take time for improving.

Right now I'm using this, but found some flexibility lacks, two of them pointed out here as 'issues', but they are easily solved with some group work.

As I'm highly interested in this library, let's take some time to point this two first 'issues' and my proposal for solution (sorry for my bad english, not my mother language).

1) As noted by @traveler, trying to initialize the library as explained in the documentation, just doesn't work, because the constructor requires a config array parameter to be passed in to the

Code:
$this->load->library('ldap')

invocation and the docs says it must be made before the library is actually instantiated.
From here, and by looking into the code, I just wonder why don't we provide any

Code:
init() and connect()

methods, and let the constructor try to bind to the server 'only' if the parameter suitable values are passed in.
Besides... what about a config file instead or as complement of the constants alternative?

2) As pointed by someone here up, there's a lack of some error handling, from the OO sight, IMHO.
In the following code, I've included these behaviours:

a. Test the presence of 'connection data' using empty instead of direct NULL comparation.
b. Try to connect to the server anonymously if the above condition isn't true.
c. Check the _error() method at the bottom, and it's usage within the constructor.

Hope this may be useful at least as example.
May this common effort lead us into a very useful plus flexible solution. Cheers!

Code:
/**

     * Initialize the user preferences

     *

     * Accepts an associative array as input, containing display preferences

     *

     * @access    public

     * @param    array    config preferences

     * @return    void

     */

    function Ldap($options = array())

    {

        //you can specifically overide any of the default configuration options setup above

        if(count($options) > 0)

        {

            if(array_key_exists("account_suffix",$options))

            {

                $this->_account_suffix=$options["account_suffix"];

            }

            if(array_key_exists("base_dn",$options))

            {

                $this->_base_dn=$options["base_dn"];

            }

            if(array_key_exists("domain_controllers",$options))

            {

                $this->_domain_controllers=$options["domain_controllers"];

            }

            if(array_key_exists("ad_username",$options))

            {

                $this->_ad_username=$options["ad_username"];

            }

            if(array_key_exists("ad_password",$options))

            {

                $this->_ad_password=$options["ad_password"];

            }

            if(array_key_exists("real_primarygroup",$options))

            {

                $this->_real_primarygroup=$options["real_primarygroup"];

            }

            if(array_key_exists("use_ssl",$options))

            {

                $this->_use_ssl=$options["use_ssl"];

            }

            if(array_key_exists("recursive_groups",$options))

            {

                $this->_recursive_groups=$options["recursive_groups"];

            }

        }

        //connect to the LDAP server as the username/password

        $dc = $this->random_controller();

        if($this->_use_ssl)

        {

            $this->_conn = ldap_connect("ldaps://".$dc);

        }

        else

        {

            $this->_conn = ldap_connect($dc);

        }

        if( ! $this->_conn )

        {

            show_error ("FATAL: AD connection to '". $dc ."' failed. <br/>"

                        .ldap_err2str());

            return FALSE;

        }

        //set some ldap options for talking to AD

        ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);

        ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0);

        //bind as a domain admin if they've set it up

        if( ! empty($this->_ad_username) && ! empty($this->_ad_password) )

        {

            $this->_bind = @ldap_bind($this->_conn,$this->_ad_username.$this->_account_suffix,$this->_ad_password);

            if( ! $this->_bind)

            {

                if($this->_use_ssl)

                {

                    //if you have problems troubleshooting, remove the @ character from the ldap_bind command above to get the actual error message

                    if ( $this->_error ("FATAL: AD bind to '". $dc ."' failed. <br/>Either the LDAPS connection failed or the login credentials are incorrect.") )

                    return FALSE;

                }

                else

                {

                    if ( $this->_error ("FATAL: AD bind to '". $dc ."' failed. Check the login credentials.") )

                    return FALSE;

                }

            }

        }

        else

        {

            $this->_bind = @ldap_bind($this->_conn);

            if( ! $this->_bind )

            {

                if ( $this->_error("FATAL: Anonymous AD bind to '". $dc ."' failed."))

                    return FALSE;

            }

        }

        return TRUE;

    }

    // basic test for errors

    function _error( $msg )

    {

        $errno = ldap_errno($this->_conn);

        if ($errno)

        {

            show_error("LDAP Lib error: (". $errno .") "

                        . ldap_err2str($errno) ."<br/>". $msg );

        }

        return (bool) $errno;

    }